Never noticed this before, but as following a discussion on freebsd-net
where a firewall's dynamic rule list was being overwhelmed...
They were discussing creating rules like this:
> ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
> ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4
This would allow only 4 connections for example
Also, the dynamic rule limit seems to be configurable - just in case this
helps anyone I thought I'd note it here...
The default (FBSD 4.9, ipfw 2) number of rules max seems to be 4096.
hope that is useful to someone.